relevance-tarantula 0.0.1

data/lib/relevance/tarantula/transform.rb

@@ -0,0 +1,17 @@
+class Relevance::Tarantula::Transform 
+  attr_accessor :from, :to
+  def initialize(from, to)
+    @from = from
+    @to = to
+  end
+  def [](string)
+    case to
+    when Proc
+      string.gsub(from, &to)
+    else
+      string.gsub(from, to)
+    end
+  end
+end
+
+

data/lib/relevance/tarantula.rb

@@ -0,0 +1,63 @@
+require 'forwardable'
+
+TARANTULA_ROOT = File.expand_path(File.join(File.dirname(__FILE__), "../.."))
+
+# bringing in xss-shield requires a bunch of other dependencies
+# still not certain about this, if it ruins your world please let me know
+require 'erb'
+gem 'activesupport'
+gem 'actionpack'
+require 'active_support'
+require 'action_controller'
+#xss_shield_path = File.join(TARANTULA_ROOT, %w{vendor xss-shield})
+#$: << File.join(xss_shield_path, "lib")
+#require File.join(xss_shield_path, "init")
+
+require 'htmlentities'
+require 'facets/kernel/meta'
+require 'facets/metaid'
+
+module Relevance; end
+module Relevance; module CoreExtensions; end; end
+module Relevance
+  module Tarantula
+    VERSION = "0.0.1"
+
+    def tarantula_home
+      File.expand_path(File.join(File.dirname(__FILE__), "../.."))
+    end
+    def log(msg)
+      puts msg if verbose
+    end
+    def rails_root
+      ::RAILS_ROOT
+    end
+    def verbose
+      ENV["VERBOSE"]
+    end
+  end
+end
+
+require File.expand_path(File.join(File.dirname(__FILE__), "core_extensions", "test_case"))
+require File.expand_path(File.join(File.dirname(__FILE__), "core_extensions", "ellipsize"))
+require File.expand_path(File.join(File.dirname(__FILE__), "core_extensions", "file"))
+require File.expand_path(File.join(File.dirname(__FILE__), "core_extensions", "response"))
+
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "html_reporter"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "html_report_helper"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "io_reporter"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "recording"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "response"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "result"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "log_grabber"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "invalid_html_handler"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "transform"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "crawler"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "form"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "form_submission"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "attack"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "attack_form_submission"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "attack_handler"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "link"))
+
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "tidy_handler")) if ENV['TIDY_PATH']

data/manifest.txt

@@ -0,0 +1,114 @@
+MIT-LICENSE
+README.rdoc
+Rakefile
+init.rb
+install.rb
+laf/images/background.jpg
+laf/images/relevance-os-logo.gif
+laf/images/tab.png
+laf/images/table-sort.gif
+laf/images/tarantula-sprites.png
+laf/javascripts/jquery-1.2.3.js
+laf/javascripts/jquery-ui-tabs.js
+laf/javascripts/jquery.tablesorter.js
+laf/javascripts/tarantula.js
+laf/stylesheets/tarantula.css
+laf/stylesheets/ui.tabs.css
+lib/relevance/core_extensions/ellipsize.rb
+lib/relevance/core_extensions/file.rb
+lib/relevance/core_extensions/response.rb
+lib/relevance/core_extensions/test_case.rb
+lib/relevance/tarantula/attack.rb
+lib/relevance/tarantula/attack_form_submission.rb
+lib/relevance/tarantula/attack_handler.rb
+lib/relevance/tarantula/crawler.rb
+lib/relevance/tarantula/detail.html.erb
+lib/relevance/tarantula/form.rb
+lib/relevance/tarantula/form_submission.rb
+lib/relevance/tarantula/html_document_handler.rb
+lib/relevance/tarantula/html_report_helper.rb
+lib/relevance/tarantula/html_reporter.rb
+lib/relevance/tarantula/index.html.erb
+lib/relevance/tarantula/invalid_html_handler.rb
+lib/relevance/tarantula/io_reporter.rb
+lib/relevance/tarantula/link.rb
+lib/relevance/tarantula/log_grabber.rb
+lib/relevance/tarantula/rails_integration_proxy.rb
+lib/relevance/tarantula/recording.rb
+lib/relevance/tarantula/response.rb
+lib/relevance/tarantula/result.rb
+lib/relevance/tarantula/test_report.html.erb
+lib/relevance/tarantula/tidy_handler.rb
+lib/relevance/tarantula/transform.rb
+lib/relevance/tarantula.rb
+tasks/tarantula_tasks.rake
+template/tarantula_test.rb
+test/relevance/core_extensions/ellipsize_test.rb
+test/relevance/core_extensions/file_test.rb
+test/relevance/core_extensions/response_test.rb
+test/relevance/core_extensions/test_case_test.rb
+test/relevance/tarantula/attack_form_submission_test.rb
+test/relevance/tarantula/attack_handler_test.rb
+test/relevance/tarantula/crawler_test.rb
+test/relevance/tarantula/form_submission_test.rb
+test/relevance/tarantula/form_test.rb
+test/relevance/tarantula/html_document_handler_test.rb
+test/relevance/tarantula/html_report_helper_test.rb
+test/relevance/tarantula/html_reporter_test.rb
+test/relevance/tarantula/invalid_html_handler_test.rb
+test/relevance/tarantula/io_reporter_test.rb
+test/relevance/tarantula/link_test.rb
+test/relevance/tarantula/log_grabber_test.rb
+test/relevance/tarantula/rails_integration_proxy_test.rb
+test/relevance/tarantula/result_test.rb
+test/relevance/tarantula/tidy_handler_test.rb
+test/relevance/tarantula/transform_test.rb
+test/relevance/tarantula_test.rb
+test/test_helper.rb
+tmp/test_output/images/background.jpg
+tmp/test_output/images/relevance-os-logo.gif
+tmp/test_output/images/tab.png
+tmp/test_output/images/table-sort.gif
+tmp/test_output/images/tarantula-sprites.png
+tmp/test_output/index.html
+tmp/test_output/javascripts/jquery-1.2.3.js
+tmp/test_output/javascripts/jquery-ui-tabs.js
+tmp/test_output/javascripts/jquery.tablesorter.js
+tmp/test_output/javascripts/tarantula.js
+tmp/test_output/stylesheets/tarantula.css
+tmp/test_output/stylesheets/ui.tabs.css
+tmp/test_output/test_user_pages/1.html
+tmp/test_output/test_user_pages/10.html
+tmp/test_output/test_user_pages/11.html
+tmp/test_output/test_user_pages/12.html
+tmp/test_output/test_user_pages/13.html
+tmp/test_output/test_user_pages/14.html
+tmp/test_output/test_user_pages/15.html
+tmp/test_output/test_user_pages/16.html
+tmp/test_output/test_user_pages/17.html
+tmp/test_output/test_user_pages/18.html
+tmp/test_output/test_user_pages/19.html
+tmp/test_output/test_user_pages/2.html
+tmp/test_output/test_user_pages/20.html
+tmp/test_output/test_user_pages/3.html
+tmp/test_output/test_user_pages/4.html
+tmp/test_output/test_user_pages/5.html
+tmp/test_output/test_user_pages/6.html
+tmp/test_output/test_user_pages/7.html
+tmp/test_output/test_user_pages/8.html
+tmp/test_output/test_user_pages/9.html
+uninstall.rb
+vendor/xss-shield/MIT-LICENSE
+vendor/xss-shield/README
+vendor/xss-shield/init.rb
+vendor/xss-shield/lib/xss_shield/erb_hacks.rb
+vendor/xss-shield/lib/xss_shield/haml_hacks.rb
+vendor/xss-shield/lib/xss_shield/safe_string.rb
+vendor/xss-shield/lib/xss_shield/secure_helpers.rb
+vendor/xss-shield/lib/xss_shield.rb
+vendor/xss-shield/test/test_actionview_integration.rb
+vendor/xss-shield/test/test_erb.rb
+vendor/xss-shield/test/test_haml.rb
+vendor/xss-shield/test/test_helpers.rb
+vendor/xss-shield/test/test_safe_string.rb
+manifest.txt

data/tarantula.gemspec

@@ -0,0 +1,42 @@
+Gem::Specification.new do |s|
+  s.name = %q{tarantula}
+  s.version = "0.0.1"
+
+  s.required_rubygems_version = Gem::Requirement.new("= 1.2") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Relevance"]
+  s.date = %q{2008-09-05}
+  s.description = %q{A big hairy fuzzy spider that crawls your site, wreaking havoc}
+  s.email = %q{opensource@thinkrelevance.com}
+  s.extra_rdoc_files = ["MIT-LICENSE", "README.rdoc", "lib/relevance/core_extensions/ellipsize.rb", "lib/relevance/core_extensions/file.rb", "lib/relevance/core_extensions/response.rb", "lib/relevance/core_extensions/test_case.rb", "lib/relevance/tarantula/attack.rb", "lib/relevance/tarantula/attack_form_submission.rb", "lib/relevance/tarantula/attack_handler.rb", "lib/relevance/tarantula/crawler.rb", "lib/relevance/tarantula/detail.html.erb", "lib/relevance/tarantula/form.rb", "lib/relevance/tarantula/form_submission.rb", "lib/relevance/tarantula/html_document_handler.rb", "lib/relevance/tarantula/html_report_helper.rb", "lib/relevance/tarantula/html_reporter.rb", "lib/relevance/tarantula/index.html.erb", "lib/relevance/tarantula/invalid_html_handler.rb", "lib/relevance/tarantula/io_reporter.rb", "lib/relevance/tarantula/link.rb", "lib/relevance/tarantula/log_grabber.rb", "lib/relevance/tarantula/rails_integration_proxy.rb", "lib/relevance/tarantula/recording.rb", "lib/relevance/tarantula/response.rb", "lib/relevance/tarantula/result.rb", "lib/relevance/tarantula/test_report.html.erb", "lib/relevance/tarantula/tidy_handler.rb", "lib/relevance/tarantula/transform.rb", "lib/relevance/tarantula.rb", "vendor/xss-shield/MIT-LICENSE"]
+  s.files = ["MIT-LICENSE", "README.rdoc", "Rakefile", "init.rb", "install.rb", "laf/images/background.jpg", "laf/images/relevance-os-logo.gif", "laf/images/tab.png", "laf/images/table-sort.gif", "laf/images/tarantula-sprites.png", "laf/javascripts/jquery-1.2.3.js", "laf/javascripts/jquery-ui-tabs.js", "laf/javascripts/jquery.tablesorter.js", "laf/javascripts/tarantula.js", "laf/stylesheets/tarantula.css", "laf/stylesheets/ui.tabs.css", "lib/relevance/core_extensions/ellipsize.rb", "lib/relevance/core_extensions/file.rb", "lib/relevance/core_extensions/response.rb", "lib/relevance/core_extensions/test_case.rb", "lib/relevance/tarantula/attack.rb", "lib/relevance/tarantula/attack_form_submission.rb", "lib/relevance/tarantula/attack_handler.rb", "lib/relevance/tarantula/crawler.rb", "lib/relevance/tarantula/detail.html.erb", "lib/relevance/tarantula/form.rb", "lib/relevance/tarantula/form_submission.rb", "lib/relevance/tarantula/html_document_handler.rb", "lib/relevance/tarantula/html_report_helper.rb", "lib/relevance/tarantula/html_reporter.rb", "lib/relevance/tarantula/index.html.erb", "lib/relevance/tarantula/invalid_html_handler.rb", "lib/relevance/tarantula/io_reporter.rb", "lib/relevance/tarantula/link.rb", "lib/relevance/tarantula/log_grabber.rb", "lib/relevance/tarantula/rails_integration_proxy.rb", "lib/relevance/tarantula/recording.rb", "lib/relevance/tarantula/response.rb", "lib/relevance/tarantula/result.rb", "lib/relevance/tarantula/test_report.html.erb", "lib/relevance/tarantula/tidy_handler.rb", "lib/relevance/tarantula/transform.rb", "lib/relevance/tarantula.rb", "tasks/tarantula_tasks.rake", "template/tarantula_test.rb", "test/relevance/core_extensions/ellipsize_test.rb", "test/relevance/core_extensions/file_test.rb", "test/relevance/core_extensions/response_test.rb", "test/relevance/core_extensions/test_case_test.rb", "test/relevance/tarantula/attack_form_submission_test.rb", "test/relevance/tarantula/attack_handler_test.rb", "test/relevance/tarantula/crawler_test.rb", "test/relevance/tarantula/form_submission_test.rb", "test/relevance/tarantula/form_test.rb", "test/relevance/tarantula/html_document_handler_test.rb", "test/relevance/tarantula/html_report_helper_test.rb", "test/relevance/tarantula/html_reporter_test.rb", "test/relevance/tarantula/invalid_html_handler_test.rb", "test/relevance/tarantula/io_reporter_test.rb", "test/relevance/tarantula/link_test.rb", "test/relevance/tarantula/log_grabber_test.rb", "test/relevance/tarantula/rails_integration_proxy_test.rb", "test/relevance/tarantula/result_test.rb", "test/relevance/tarantula/tidy_handler_test.rb", "test/relevance/tarantula/transform_test.rb", "test/relevance/tarantula_test.rb", "test/test_helper.rb", "tmp/test_output/images/background.jpg", "tmp/test_output/images/relevance-os-logo.gif", "tmp/test_output/images/tab.png", "tmp/test_output/images/table-sort.gif", "tmp/test_output/images/tarantula-sprites.png", "tmp/test_output/index.html", "tmp/test_output/javascripts/jquery-1.2.3.js", "tmp/test_output/javascripts/jquery-ui-tabs.js", "tmp/test_output/javascripts/jquery.tablesorter.js", "tmp/test_output/javascripts/tarantula.js", "tmp/test_output/stylesheets/tarantula.css", "tmp/test_output/stylesheets/ui.tabs.css", "tmp/test_output/test_user_pages/1.html", "tmp/test_output/test_user_pages/10.html", "tmp/test_output/test_user_pages/11.html", "tmp/test_output/test_user_pages/12.html", "tmp/test_output/test_user_pages/13.html", "tmp/test_output/test_user_pages/14.html", "tmp/test_output/test_user_pages/15.html", "tmp/test_output/test_user_pages/16.html", "tmp/test_output/test_user_pages/17.html", "tmp/test_output/test_user_pages/18.html", "tmp/test_output/test_user_pages/19.html", "tmp/test_output/test_user_pages/2.html", "tmp/test_output/test_user_pages/20.html", "tmp/test_output/test_user_pages/3.html", "tmp/test_output/test_user_pages/4.html", "tmp/test_output/test_user_pages/5.html", "tmp/test_output/test_user_pages/6.html", "tmp/test_output/test_user_pages/7.html", "tmp/test_output/test_user_pages/8.html", "tmp/test_output/test_user_pages/9.html", "uninstall.rb", "vendor/xss-shield/MIT-LICENSE", "vendor/xss-shield/README", "vendor/xss-shield/init.rb", "vendor/xss-shield/lib/xss_shield/erb_hacks.rb", "vendor/xss-shield/lib/xss_shield/haml_hacks.rb", "vendor/xss-shield/lib/xss_shield/safe_string.rb", "vendor/xss-shield/lib/xss_shield/secure_helpers.rb", "vendor/xss-shield/lib/xss_shield.rb", "vendor/xss-shield/test/test_actionview_integration.rb", "vendor/xss-shield/test/test_erb.rb", "vendor/xss-shield/test/test_haml.rb", "vendor/xss-shield/test/test_helpers.rb", "vendor/xss-shield/test/test_safe_string.rb", "manifest.txt", "tarantula.gemspec"]
+  s.has_rdoc = true
+  s.homepage = %q{http://opensource.thinkrelevance.com/wiki/tarantula}
+  s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Tarantula", "--main", "README.rdoc"]
+  s.require_paths = ["lib"]
+  s.rubyforge_project = %q{thinkrelevance}
+  s.rubygems_version = %q{1.2.0}
+  s.summary = %q{A big hairy fuzzy spider that crawls your site, wreaking havoc}
+  s.test_files = ["test/relevance/core_extensions/ellipsize_test.rb", "test/relevance/core_extensions/file_test.rb", "test/relevance/core_extensions/response_test.rb", "test/relevance/core_extensions/test_case_test.rb", "test/relevance/tarantula/attack_form_submission_test.rb", "test/relevance/tarantula/attack_handler_test.rb", "test/relevance/tarantula/crawler_test.rb", "test/relevance/tarantula/form_submission_test.rb", "test/relevance/tarantula/form_test.rb", "test/relevance/tarantula/html_document_handler_test.rb", "test/relevance/tarantula/html_report_helper_test.rb", "test/relevance/tarantula/html_reporter_test.rb", "test/relevance/tarantula/invalid_html_handler_test.rb", "test/relevance/tarantula/io_reporter_test.rb", "test/relevance/tarantula/link_test.rb", "test/relevance/tarantula/log_grabber_test.rb", "test/relevance/tarantula/rails_integration_proxy_test.rb", "test/relevance/tarantula/result_test.rb", "test/relevance/tarantula/tidy_handler_test.rb", "test/relevance/tarantula/transform_test.rb", "test/relevance/tarantula_test.rb"]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 2
+
+    if current_version >= 3 then
+      s.add_runtime_dependency(%q<htmlentities>, [">= 0"])
+      s.add_runtime_dependency(%q<hpricot>, [">= 0"])
+      s.add_runtime_dependency(%q<facets>, [">= 2.4.3"])
+      s.add_development_dependency(%q<echoe>, [">= 0"])
+    else
+      s.add_dependency(%q<htmlentities>, [">= 0"])
+      s.add_dependency(%q<hpricot>, [">= 0"])
+      s.add_dependency(%q<facets>, [">= 2.4.3"])
+      s.add_dependency(%q<echoe>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<htmlentities>, [">= 0"])
+    s.add_dependency(%q<hpricot>, [">= 0"])
+    s.add_dependency(%q<facets>, [">= 2.4.3"])
+    s.add_dependency(%q<echoe>, [">= 0"])
+  end
+end

data/tasks/tarantula_tasks.rake

@@ -0,0 +1,34 @@
+namespace :tarantula do
+
+  desc 'Run tarantula tests and (Mac only) open results in your browser.'
+  task :test do
+    rm_rf "tmp/tarantula"
+    task = Rake::TestTask.new(:tarantula_test) do |t|
+      t.libs << 'test'
+      t.pattern = 'test/tarantula/**/*_test.rb'
+      t.verbose = true
+    end
+
+    begin
+      Rake::Task[:tarantula_test].invoke
+    rescue RuntimeError => e
+      puts e.message
+    end
+    Dir.glob("tmp/tarantula/**/index.html") do |file|
+      if PLATFORM['darwin']
+        system("open #{file}")
+      elsif PLATFORM[/linux/]
+        system("firefox #{file}")
+      else
+        puts "You can view tarantula results at #{file}"
+      end
+    end
+  end
+
+  desc 'Generate a default tarantula test'
+  task :setup do
+    mkdir_p "test/tarantula"
+    template_path = File.expand_path(File.join(File.dirname(__FILE__), "..", "template", "tarantula_test.rb"))
+    cp template_path, "test/tarantula/"
+  end
+end

data/template/tarantula_test.rb

@@ -0,0 +1,12 @@
+require "#{File.dirname(__FILE__)}/../test_helper"
+require "relevance/tarantula"
+
+class TarantulaTest < ActionController::IntegrationTest
+  fixtures :all
+
+  def test_tarantula
+    post '/session', :login => 'quentin', :password => 'monkey'
+    follow_redirect!
+    tarantula_crawl(self)
+  end
+end

data/test/relevance/core_extensions/ellipsize_test.rb

@@ -0,0 +1,19 @@
+require File.join(File.dirname(__FILE__), "../..", "test_helper.rb")
+
+describe "Relevance::CoreExtensions::Object#ellipsize" do
+  it "converts nil to empty string" do
+    nil.ellipsize.should == ""
+  end
+  
+  it "doesn't touch short strings" do
+    "hello".ellipsize.should == "hello"
+  end
+  
+  it "calls inspect on non-strings" do
+    [1,2,3].ellipsize.should == "[1, 2, 3]"
+  end
+
+  it "shortens long strings and adds ..." do
+    "long-string".ellipsize(5).should == "long-..."
+  end
+end

data/test/relevance/core_extensions/file_test.rb

@@ -0,0 +1,8 @@
+require File.join(File.dirname(__FILE__), "../..", "test_helper.rb")
+require 'relevance/core_extensions/file'
+
+describe "Relevance::CoreExtensions::File#extension" do
+  it "should return the extension without the leading dot" do
+    File.extension("foo.bar").should == "bar"
+  end
+end

data/test/relevance/core_extensions/response_test.rb

@@ -0,0 +1,29 @@
+require File.join(File.dirname(__FILE__), "../..", "test_helper.rb")
+require 'relevance/core_extensions/file'
+
+describe "Relevance::CoreExtensions::Response#html?" do
+  before do
+    @response = OpenStruct.new
+    @response.extend(Relevance::CoreExtensions::Response)
+  end         
+  
+  it "should be html if the content-type is 'text/html'" do
+    @response.content_type = "text/html"
+    @response.should.be.html
+    @response.content_type = "text/html;charset=iso-8859-2"
+    @response.should.be.html
+  end
+
+  it "should not be html if the content-type isn't an html type" do
+    @response.content_type = "text/plain"
+    @response.should.not.be.html
+  end
+
+  # better ideas welcome, but be careful not to  
+  # castrate tarantula for proxies that don't set the content-type
+  it "should pretend we have html if the content-type is nil" do
+    @response.content_type = nil
+    @response.should.be.html
+  end
+  
+end

data/test/relevance/core_extensions/test_case_test.rb

@@ -0,0 +1,17 @@
+require File.join(File.dirname(__FILE__), "../..", "test_helper.rb")
+require 'relevance/core_extensions/test_case'
+include Relevance::Tarantula
+
+describe "TestCase extensions" do
+  it "can create the crawler" do
+    RailsIntegrationProxy.stubs(:rails_root).returns("STUB_RAILS_ROOT")
+    Crawler.any_instance.stubs(:rails_root).returns("STUB_RAILS_ROOT")
+    tarantula_crawler(stub_everything)
+  end
+
+  it "can crawl" do
+    (crawler = mock).expects(:crawl).with("/foo")
+    expects(:tarantula_crawler).returns(crawler)
+    tarantula_crawl(:integration_test_stub, :url => "/foo")
+  end
+end

data/test/relevance/tarantula/attack_form_submission_test.rb

@@ -0,0 +1,79 @@
+require File.join(File.dirname(__FILE__), "..", "..", "test_helper.rb")
+
+describe "Relevance::Tarantula::AttackFormSubmission" do
+  
+  # TODO: add more from field types to this example form as needed
+  before do
+    @tag = Hpricot(<<END)
+<form action="/session" method="post">
+  <input id="email" name="email" size="30" type="text" />
+  <textarea id="comment" name="comment"value="1" />
+  <input name="commit" type="submit" value="Postit" />
+  <input name="secret" type="hidden" value="secret" />
+  <select id="foo_opened_on_1i" name="foo[opened_on(1i)]">
+    <option value="2003">2003</option>
+    <option value="2004">2004</option>
+  </select> 
+</form>
+END
+    @form = Relevance::Tarantula::Form.new(@tag.at('form'))
+    @fs = Relevance::Tarantula::AttackFormSubmission.new(@form, Attack.new({:name => 'foo_name', :input => 'foo_code', :output => 'foo_code'}))
+  end
+  
+  it "can mutate text areas" do
+    @fs.mutate_text_areas(@form).should == {"comment" => "foo_code"}
+  end
+  
+  it "can mutate selects" do
+    Hpricot::Elements.any_instance.stubs(:rand).returns(stub(:[] => "2006-stub"))
+    @fs.mutate_selects(@form).should == {"foo[opened_on(1i)]" => "2006-stub"}
+  end
+  
+  it "can mutate inputs" do
+    @fs.mutate_inputs(@form).should == {"commit"=>"foo_code", "secret"=>"foo_code", "email"=>"foo_code"}
+  end
+
+  it "has a signature based on action,  fields, and attack name" do
+    @fs.signature.should == ['/session', [
+      "comment", 
+      "commit", 
+      "email", 
+      "foo[opened_on(1i)]", 
+      "secret"],
+      "foo_name"
+    ]
+  end
+  
+  it "has a friendly to_s" do
+    @fs.to_s.should =~ %r{^/session post}
+  end
+  
+  it "processes all its attacks" do
+    AttackFormSubmission.stubs(:attacks).returns([
+      Attack.new({:name => 'foo_name1', :input => 'foo_input', :output => 'foo_output'}),
+      Attack.new({:name => 'foo_name2', :input => 'foo_input', :output => 'foo_output'}),
+    ])
+    Relevance::Tarantula::AttackFormSubmission.mutate(@form).size.should == 2
+  end
+  
+  it "maps hash attacks to Attack instances" do
+    AttackFormSubmission.instance_variable_set("@attacks", [{ :name => "attack name"}])
+    AttackFormSubmission.attacks.should == [Attack.new({:name => "attack name"})]
+  end
+end
+
+describe "Relevance::Tarantula::AttackFormSubmission for a crummy form" do
+  before do
+    @tag = Hpricot(<<END)
+<form action="/session" method="post">
+  <input value="no_name" />
+</form>
+END
+    @form = Relevance::Tarantula::Form.new(@tag.at('form'))
+    @fs = Relevance::Tarantula::AttackFormSubmission.new(@form, {:name => 'foo_name', :input => 'foo_code', :output => 'foo_code'})
+  end
+  
+  it "ignores unnamed inputs" do
+    @fs.mutate_inputs(@form).should == {}
+  end
+end

data/test/relevance/tarantula/attack_handler_test.rb

@@ -0,0 +1,30 @@
+require File.join(File.dirname(__FILE__), "..", "..", "test_helper.rb")
+include Relevance::Tarantula
+
+describe "Relevance::Tarantula::AttackHandler" do
+  before do
+    @handler = Relevance::Tarantula::AttackHandler.new
+    attack = Attack.new({:name => 'foo_name', :input => 'foo_code', :output => '<bad>'})
+    @handler.stubs(:attacks).returns([attack])
+  end
+  
+  it "lets safe documents through" do
+    result = @handler.handle(Result.new(:response => stub(:html? => true, :body => '<a href="/foo">good</a>')))
+    result.should == nil
+  end
+  
+  it "detects the supplied code" do
+    result = @handler.handle(Result.new(:response => stub(:html? => true, :body => '<a href="/foo"><bad></a>')))
+    result.success.should == false
+  end
+end
+
+describe "Attacks without an output specified" do
+  it "never matches anything" do
+    handler = Relevance::Tarantula::AttackHandler.new
+    attack = Attack.new({:name => 'foo_name', :input => 'foo_code'})
+    Relevance::Tarantula::AttackFormSubmission.stubs(:attacks).returns([attack])
+    result = handler.handle(Result.new(:response => stub(:html? => true, :body => '<a href="/foo">good</a>')))
+    result.should == nil
+  end
+end